问题描述
我有一个运行在docker容器中的grpc-go服务器,正在监听 0.0.0.0:8080
.我在侦听Docker容器中的 localhost
或 127.0.0.1
失败后发现此方法有效-并且仅在Docker容器中运行失败,如果我走了在同一台机器上运行.
I have a grpc-go server running in docker container, listening on 0.0.0.0:8080
. I found this to be working after having failures with listening on localhost
or 127.0.0.1
in a docker container - and it only failed running in a docker container, not if I go run on the same machine.
一个简单的Web服务器也可以在localhost或127.0.0.1上侦听.
Also a simple web server did work listening on localhost or 127.0.0.1.
我发现 0.0.0.0
在任何网络适配器上进行监听-但没有其他解释.
I found that 0.0.0.0
is listening on any network adapter - but found no other explanations.
好了,问题解决了-但是我在寻找解释-你知道吗?
Well, problem solved - but I am looking for an explanation - do you know?
推荐答案
网络是docker中的命名空间之一,类似于pid和文件系统命名空间.如果您在容器内杀死pid 1,那将杀死容器内的进程,而不是在主机上终止systemd/init(只要您不覆盖名称空间).而且,如果您在容器内 rm -rf/bin
,则会从该容器中删除文件,而不是从主机中删除文件(只要您没有卷挂载).同样,名称空间中的回送网络(localhost或127.0 0.1)仅指该名称空间,而不是主机.
Networking is one of the namespaces in docker, similar to the pid and filesystem namespaces. If you kill pid 1 inside a container, that kills the process inside the container and not systemd/init on the host (as long as you don't override the namespace). And if you rm -rf /bin
inside a container, that deletes files from that container, not from the host (as long as you don't have a volume mount). Similarly, the loopback network (localhost or 127.0 0.1) in a namespace refers to just that namespace, not the host.
从更高级别考虑,只能从该主机访问主机上的环回,而不能从其他主机或外部负载平衡器访问它.命名空间网络的工作原理非常相似.相同网络名称空间内的其他进程可以到达容器内的环回,但其他名称空间内的容器则无法访问环回,也不能通过端口转发来自主机,因为该端口转发至虚拟网络接口,类似于外部负载平衡器如何转发至虚拟网络接口.主机网络接口.
Thinking about it from a higher level, loopback on the host is only reachable from that host, you cannot access it from another host, or an external load balancer. Namespaced networking works very similar. Loopback inside the container can be reached by other processes inside that same network namespace, but not containers in other namespaces, and not from the host with port forwarding since that forwards to the virtual network interface, similar to how an external load balancer forwards to the host network interface.
这篇关于为什么0.0.0.0可以正常运行,而localhost或127.0.01无法正常运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!